curl is vulnerable to denial of service (DoS) attacks. This is because the libcurl does not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker could send a specially crafted FTP URL to an application could write a NULL byte at an arbitrary location resulting in an application crash.
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
access.redhat.com/errata/RHSA-2018:3157
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1510247
bugzilla.redhat.com/show_bug.cgi?id=1542256
bugzilla.redhat.com/show_bug.cgi?id=1610998